Re: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted

To: Andrew Bartlett <abartlet@samba.org>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 9 Jan 2025 23:14:41 +0100
Message-id: <[🔎] Z4BKUUMbgjfxgVlJ@eldamar.lan>
Mail-followup-to: Andrew Bartlett <abartlet@samba.org>, debian-security-tracker@lists.debian.org
In-reply-to: <[🔎] 5afb5bc2056063fbc752caf27765b6b54cd984d5.camel@samba.org>
References: <[🔎] 5afb5bc2056063fbc752caf27765b6b54cd984d5.camel@samba.org>

hi Andrew,

On Thu, Jan 09, 2025 at 11:09:47AM +1300, Andrew Bartlett wrote:
> libcryptx-perl 0.65 (upstream commit
> 32f1d210ed6300b8e82f46f1b983f7316aa7eaf9) is the first version to have
> the fix for CVE-2019-17362 by my analysis for the bundled libtomcrypt.
> 
> It would be awesome for others if the 
> https://security-tracker.debian.org/tracker/CVE-2019-17362 page had
> this information also.

Looks right and have added the information! In particular tracked as
well the embedded copy.

> BTW, What is the right way to then alert the LTS team to allow them to
> either apply the patch or mark it as wont-fix?

bullseye LTS is on 0.069-1 has already the fix, the LTS team can be
reached via the debian-lts@lists.debian.org list.

Regards,
Salvatore

Reply to:

References:
- CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
  - From: Andrew Bartlett <abartlet@samba.org>

Prev by Date: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
Next by Date: External check
Previous by thread: CVE-2019-17362 page should list libcryptx-perl versions that are impacted and not impacted
Index(es):
- Date
- Thread